Analysing Relations involving small number of Monomials in AES S- Box

TL;DR

This paper investigates whether simple monomial relations of low degree exist in the AES S-Box, which could impact algebraic cryptanalysis by simplifying the equations used to attack AES.

Contribution

It provides an analysis of low-degree monomial relations in the AES S-Box, exploring their existence and potential implications for cryptanalysis.

Findings

No low-degree monomial relations found in the AES S-Box

Analysis suggests such relations are unlikely to simplify algebraic attacks

Results inform the complexity of algebraic cryptanalysis on AES

Abstract

In the present day, AES is one the most widely used and most secure Encryption Systems prevailing. So, naturally lots of research work is going on to mount a significant attack on AES. Many different forms of Linear and differential cryptanalysis have been performed on AES. Of late, an active area of research has been Algebraic Cryptanalysis of AES, where although fast progress is being made, there are still numerous scopes for research and improvement. One of the major reasons behind this being that algebraic cryptanalysis mainly depends on I/O relations of the AES S- Box (a major component of the AES). As, already known, that the key recovery algorithm of AES can be broken down as an MQ problem which is itself considered hard. Solving these equations depends on our ability reduce them into linear forms which are easily solvable under our current computational prowess. The lower the degree of these equations, the easier it is for us to linearlize hence the attack complexity reduces. The aim of this paper is to analyze the various relations involving small number of monomials of the AES S- Box and to answer the question whether it is actually possible to have such monomial equations for the S- Box if we restrict the degree of the monomials. In other words this paper aims to study such equations and see if they can be applicable for AES.